I had to configure a new Fortigate device recently and tried to follow a brief manual on how to perform an initial setup. As it was required to use application control policies from the Industrial category, I've tried multiple ways of enabling them. But still, after almost an hour of search, I was unable to get it done.
I've also tried to upgrade signatures and even a firmware upgrade :) As you may guess it didn't help...
And after some more time, I found a forum topic, where guys were looking for the solution of almost identical issue.
The solution is quite simple. You should open CLI and configure IPS signature exclude policy:
config ips global set exclude-signatures none end
This command set is provided in KB article, but it's not mentioned that industrial signatures are excluded by default.